Bug 1199132 - (CVE-2022-29824) VUL-0: CVE-2022-29824: libxml2, libxml2-python, python-libxml2-python: integer overflow leading to out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*)
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/330533/
CVSSv3.1:SUSE:CVE-2022-29824:7.8:(AV:...
Reported: 2022-05-03 07:03 UTC by Thomas Leroy
Modified: 2022-07-26 16:16 UTC
Description Thomas Leroy 2022-05-03 07:03:24 UTC
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

References:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
https://gitlab.gnome.org/GNOME/libxslt/-/tags
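
The failure mode named in the description, as an added example that is not libxml2 code and not part of the original report: a toy buffer with 32-bit counters whose unchecked size computation wraps, next to a checked version. The struct, the function names and the values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy buffer header with 32-bit counters (hypothetical, not libxml2's struct). */
struct toybuf {
    uint32_t use;   /* bytes already stored */
    uint32_t size;  /* bytes allocated */
};

/* Unchecked: capacity chosen before appending len bytes plus a NUL.
 * use + len + 1 is computed modulo 2^32, so a huge buffer can "need" less
 * than it already has and is never grown. */
uint32_t need_unchecked(const struct toybuf *b, uint32_t len) {
    uint32_t need = b->use + len + 1;            /* may wrap */
    return need > b->size ? need : b->size;
}

/* Checked: refuse the append when use + len + 1 cannot fit in 32 bits. */
int need_checked(const struct toybuf *b, uint32_t len, uint32_t *out) {
    if (len >= UINT32_MAX - b->use)
        return -1;                               /* would overflow */
    uint32_t need = b->use + len + 1;
    *out = need > b->size ? need : b->size;
    return 0;
}

/* Bytes that a copy of len + 1 bytes at offset use puts past capacity (64-bit math). */
uint64_t overrun(uint32_t capacity, uint32_t use, uint32_t len) {
    uint64_t end = (uint64_t)use + len + 1;
    return end > capacity ? end - capacity : 0;
}

int main(void) {
    /* Constructed values: a buffer just under 4 GiB, then a 512-byte append. */
    struct toybuf b = { 0xFFFFFF00u, 0xFFFFFF10u };
    uint32_t len = 0x200, cap = need_unchecked(&b, len), safe = 0;
    printf("unchecked capacity: 0x%X, overrun: %llu bytes\n",
           (unsigned)cap, (unsigned long long)overrun(cap, b.use, len));
    printf("checked: %s\n",
           need_checked(&b, len, &safe) ? "rejected" : "accepted");
    return 0;
}
```

The wrapped sum only appears once the buffer is close to 4 GiB, which matches the description's requirement of a multi-gigabyte input.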
Comment 1 Thomas Leroy 2022-05-03 16:00:37 UTC
I think we have the following affected:
	
- SUSE:SLE-11-SP1:Update/libxml2
- SUSE:SLE-12-SP2:Update/libxml2
- SUSE:SLE-15:Update/libxml2
- SUSE:SLE-15-SP4:Update/libxml2

- SUSE:SLE-11-SP1:Update/libxml2-python

- SUSE:SLE-15:Update/python-libxml2-python
Comment 3 David Anes 2022-05-05 09:32:33 UTC
(In reply to Thomas Leroy from comment #1)
> I think we have the following affected:
> 	
> - SUSE:SLE-11-SP1:Update/libxml2
> - SUSE:SLE-12-SP2:Update/libxml2
> - SUSE:SLE-15:Update/libxml2
> - SUSE:SLE-15-SP4:Update/libxml2
> 
> - SUSE:SLE-11-SP1:Update/libxml2-python
> 
> - SUSE:SLE-15:Update/python-libxml2-python

I think everything is done now, but... Do I need to patch the libxml2-python and python-libxml2-python separately, as they are provided by libxml2 package?
Comment 4 Marcus Meissner 2022-05-05 09:39:46 UTC
no, they are in the same sources. libxml2 is the primary source, only this needs fixes.
Comment 5 David Anes 2022-05-05 09:48:00 UTC
(In reply to Marcus Meissner from comment #4)
> no, they are in the same sources. libxml2 is the primary source, only this
> needs fixes.

Ok, then we are all set. Thanks for the clarification, Marcus.

I'll assign this one back to security once I start seeing the updates popping here as comments.
Comment 7 Swamp Workflow Management 2022-05-19 19:18:04 UTC
SUSE-SU-2022:1750-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1196490,1199132
CVE References: CVE-2022-23308,CVE-2022-29824
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    python-libxml2-python-2.9.7-150000.3.46.1
openSUSE Leap 15.3 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Manager Server 4.1 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Manager Retail Branch Server 4.1 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Manager Proxy 4.1 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server for SAP 15 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Server 15-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Module for Python2 15-SP3 (src):    python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Micro 5.2 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise Micro 5.1 (src):    libxml2-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Enterprise Storage 7 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE Enterprise Storage 6 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1
SUSE CaaS Platform 4.0 (src):    libxml2-2.9.7-150000.3.46.1, python-libxml2-python-2.9.7-150000.3.46.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-05-24 19:15:06 UTC
SUSE-SU-2022:1833-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1069689,1199132
CVE References: CVE-2017-16932,CVE-2022-29824
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE OpenStack Cloud Crowbar 8 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE OpenStack Cloud 9 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE OpenStack Cloud 8 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP5 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP3-BCL (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3
HPE Helion Openstack 8 (src):    libxml2-2.9.4-46.54.3, python-libxml2-2.9.4-46.54.3

Comment 9 Swamp Workflow Management 2022-07-26 16:16:31 UTC
SUSE-SU-2022:2552-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1196490,1199132
CVE References: CVE-2022-23308,CVE-2022-29824
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    libxml2-2.9.14-150400.5.7.1, libxml2-python-2.9.14-150400.5.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    libxml2-2.9.14-150400.5.7.1, libxml2-python-2.9.14-150400.5.7.1
